tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/tests/mini_parser.py
Tri Vo 438684b39f Only maintain maps between current and previous selinux versions. 
New maintenance scheme for mapping files:
Say, V is the current SELinux platform version, then at any point in time we
only maintain (V->V-1) mapping. (V->V-n) map is constructed from top (V->V-n+1)
and bottom (V-n+1->V-n) without changes to previously maintained mapping files.

Caveats:
- 26.0.cil doesn't technically represent 27.0->26.0 map, but rather
current->26.0. We'll fully migrate to the scheme with future releases.

Bug: 67510052
Test: adding new public type only requires changing the latest compat map
Change-Id: Iab5564e887ef2c8004cb493505dd56c6220c61f8
2018-10-02 15:10:13 -07:00

129 lines
4.2 KiB
Python
Raw Blame History

from os.path import basename
import re
import sys
# A very limited parser whose job is to process the compatibility mapping
# files and retrieve type and attribute information until proper support is
# built into libsepol
# get the text in the next matching parens
class MiniCilParser:
def __init__(self, policyFile):
self.types = set() # types declared in mapping
self.pubtypes = set()
self.expandtypeattributes = {}
self.typeattributes = set() # attributes declared in mapping
self.typeattributesets = {} # sets defined in mapping
self.rTypeattributesets = {} # reverse mapping of above sets
self.apiLevel = None
with open(policyFile, 'r') as infile:
s = self._getNextStmt(infile)
while s:
self._parseStmt(s)
s = self._getNextStmt(infile)
fn = basename(policyFile)
m = re.match(r"(\d+\.\d+).+\.cil", fn)
if m:
self.apiLevel = m.group(1)
def unparse(self):
def wrapParens(stmt):
return "(" + stmt + ")"
def joinWrapParens(entries):
return wrapParens(" ".join(entries))
result = ""
for ty in sorted(self.types):
result += joinWrapParens(["type", ty]) + "\n"
for ta in sorted(self.typeattributes):
result += joinWrapParens(["typeattribute", ta]) + "\n"
for eta in sorted(self.expandtypeattributes.items(),
key=lambda x: x[0]):
result += joinWrapParens(
["expandtypeattribute", wrapParens(eta[0]), eta[1]]) + "\n"
for tas in sorted(self.typeattributesets.items(), key=lambda x: x[0]):
result += joinWrapParens(
["typeattributeset", tas[0],
joinWrapParens(sorted(tas[1]))]) + "\n"
return result
def _getNextStmt(self, infile):
parens = 0
s = ""
c = infile.read(1)
# get to first statement
while c and c != "(":
c = infile.read(1)
parens += 1
c = infile.read(1)
while c and parens != 0:
s += c
c = infile.read(1)
if c == ';':
# comment, get rid of rest of the line
while c != '\n':
c = infile.read(1)
elif c == '(':
parens += 1
elif c == ')':
parens -= 1
return s
def _parseType(self, stmt):
m = re.match(r"type\s+(.+)", stmt)
self.types.add(m.group(1))
return
def _parseExpandtypeattribute(self, stmt):
m = re.match(r"expandtypeattribute\s+\((.+)\)\s+(true|false)", stmt)
self.expandtypeattributes[m.group(1)] = m.group(2)
return
def _parseTypeattribute(self, stmt):
m = re.match(r"typeattribute\s+(.+)", stmt)
self.typeattributes.add(m.group(1))
return
def _parseTypeattributeset(self, stmt):
m = re.match(r"typeattributeset\s+(.+?)\s+\((.+?)\)", stmt, flags = re.M |re.S)
ta = m.group(1)
# this isn't proper expression parsing, but will do for our
# current use
tas = m.group(2).split()
if self.typeattributesets.get(ta) is None:
self.typeattributesets[ta] = set()
self.typeattributesets[ta].update(set(tas))
for t in tas:
if self.rTypeattributesets.get(t) is None:
self.rTypeattributesets[t] = set()
self.rTypeattributesets[t].update([ta])
# check to see if this typeattributeset is a versioned public type
pub = re.match(r"(\w+)_\d+_\d+", ta)
if pub is not None:
self.pubtypes.add(pub.group(1))
return
def _parseStmt(self, stmt):
if re.match(r"type\s+.+", stmt):
self._parseType(stmt)
elif re.match(r"typeattribute\s+.+", stmt):
self._parseTypeattribute(stmt)
elif re.match(r"typeattributeset\s+.+", stmt):
self._parseTypeattributeset(stmt)
elif re.match(r"expandtypeattribute\s+.+", stmt):
self._parseExpandtypeattribute(stmt)
return
if __name__ == '__main__':
f = sys.argv[1]
p = MiniCilParser(f)
Reference in a new issue View git blame Copy permalink